Windows
Analysis Report
Offer 15492024 15602024.docx.doc
Overview
General Information
Detection
Score: | 68 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w7x64
- WINWORD.EXE (PID: 2088 cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
- AcroRd32.exe (PID: 2512 cmdline: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" -Embedding MD5: 2F8D93826B8CBF9290BC57535C7A6817)
- RdrCEF.exe (PID: 3168 cmdline: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043 MD5: 326A645391A97C760B60C558A35BB068)
- cleanup
Source: | Author: X__Junior (Nextron Systems): |
Source: | Author: frack113: |
Source: | Author: Nasreddine Bencherchali (Nextron Systems): |
AV Detection |
---|
Source: | ReversingLabs: |
Source: | HTTPS traffic detected: | ||
Source: | File opened: |
Source: | Directory queried: |
Software Vulnerabilities |
---|
Source: | Process created: |
Source: | DNS query: | ||
Source: | TCP traffic: | ||
Source: | IP Address: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: |
Source: | File created: |
Source: | DNS traffic detected: |
Source: | Network traffic detected: |
Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: |
Source: | Classification label: |
Source: | File created: |
Source: | OLE indicator, Word Document stream: | ||
Source: | OLE document summary: | ||
Source: | File read: |
Source: | Key opened: |
Source: | ReversingLabs: |
Source: | Process created: |
Source: | LNK file: |
Source: | Window detected: |
Source: | Initial sample: | ||
Source: | Key opened: |
Source: | File opened: |
Source: | Initial sample: |
Persistence and Installation Behavior |
---|
Source: | File opened: |
Source: | Extracted files from sample: |
Source: | Section loaded: |
Source: | Process information set: |
Source: | Stream path 'CONTENTS' entropy: | ||
Source: | Stream path '_1777980428/CONTENTS' entropy: | ||
Source: | Stream path '_1777980429/CONTENTS' entropy: | ||
Source: | Stream path '_1777980430/CONTENTS' entropy: | ||
Source: | Stream path '_1777980431/CONTENTS' entropy: | ||
Source: | Stream path '_1777980433/CONTENTS' entropy: | ||
Source: | Stream path '_1777980434/CONTENTS' entropy: | ||
Source: | Stream path '_1777980435/CONTENTS' entropy: | ||
Source: | Stream path '_1777980436/CONTENTS' entropy: |
Source: | Directory queried: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 13 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 11 File and Directory Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | 2 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 14 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 4 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
13% | ReversingLabs | Win32.Trojan.Generic |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bot.ax | 104.21.47.128 | true | true | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown | |
false |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
172.67.171.37 | unknown | United States | 13335 | CLOUDFLARENETUS | false | |
104.21.47.128 | bot.ax | United States | 13335 | CLOUDFLARENETUS | true |
IP |
---|
192.168.2.255 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1446728 |
Start date and time: | 2024-05-23 20:40:18 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 48s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of analysed new started processes analysed: | 9 |
Number of new started drivers analysed: | 1 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Offer 15492024 15602024.docx.doc |
Detection: | MAL |
Classification: | mal68.expl.evad.winDOC@18/29@5/3 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): mrxdav.sys, dllhost.exe, rundll32.exe, WMIADAP.exe
- Excluded IPs from analysis (whitelisted): 2.21.22.179, 2.21.22.155, 88.221.168.141
- Excluded domains from analysis (whitelisted): ssl.adobe.com.edgekey.net, armmf.adobe.com, acroipm2.adobe.com.edgesuite.net, e4578.dscb.akamaiedge.net, a122.dscd.akamai.net, acroipm2.adobe.com
- Report size getting too big, too many NtOpenFile calls found.
- Report size getting too big, too many NtQueryDirectoryFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
- Report size getting too big, too many NtWriteVirtualMemory calls found.
- VT rate limit hit for: Offer 15492024 15602024.docx.doc
Time | Type | Description |
---|---|---|
14:41:35 | API Interceptor | |
14:41:42 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
172.67.171.37 | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
104.21.47.128 | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
bot.ax | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CLOUDFLARENETUS | Get hash | malicious | AgentTesla | Browse |
| |
Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | Remcos, DBatLoader | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
05af1f5ca1b87cc9cc9b25185115607d | Get hash | malicious | Remcos, DBatLoader | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | GuLoader | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
7dcce5b76c8b17472d024758970a406b | Get hash | malicious | Lokibot | Browse |
| |
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | Lokibot | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | modified |
Size (bytes): | 292 |
Entropy (8bit): | 5.204701829243891 |
Encrypted: | false |
SSDEEP: | 6:DnRyq2PP2nKuAl9OmbnIFUt86nC1Zmw+6nCjRkwOP2nKuAl9OmbjLJ:DRyvWHAahFUt86U/+6qR57HAaSJ |
MD5: | 209CBF08797FA68AE4D8F81E9F150157 |
SHA1: | 07AA41DFA169A1959DCD3F7AD12FB2188D386587 |
SHA-256: | 5D11937190DC5A9FCE244C786F0CFD35F389FA535DE85CC361B00B89B595DA9B |
SHA-512: | DA794EB00D72722034EEF9BD0EF8D1B8301A75B1A716A2EC3DC464AB5F1759B0A0F9A56FFBF6AB39281A6F41DBF406D26FA03389028A08678FFAD82079842D9C |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.204701829243891 |
Encrypted: | false |
SSDEEP: | 6:DnRyq2PP2nKuAl9OmbnIFUt86nC1Zmw+6nCjRkwOP2nKuAl9OmbjLJ:DRyvWHAahFUt86U/+6qR57HAaSJ |
MD5: | 209CBF08797FA68AE4D8F81E9F150157 |
SHA1: | 07AA41DFA169A1959DCD3F7AD12FB2188D386587 |
SHA-256: | 5D11937190DC5A9FCE244C786F0CFD35F389FA535DE85CC361B00B89B595DA9B |
SHA-512: | DA794EB00D72722034EEF9BD0EF8D1B8301A75B1A716A2EC3DC464AB5F1759B0A0F9A56FFBF6AB39281A6F41DBF406D26FA03389028A08678FFAD82079842D9C |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old~RF510964.TMP (copy)
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 292 |
Entropy (8bit): | 5.204701829243891 |
Encrypted: | false |
SSDEEP: | 6:DnRyq2PP2nKuAl9OmbnIFUt86nC1Zmw+6nCjRkwOP2nKuAl9OmbjLJ:DRyvWHAahFUt86U/+6qR57HAaSJ |
MD5: | 209CBF08797FA68AE4D8F81E9F150157 |
SHA1: | 07AA41DFA169A1959DCD3F7AD12FB2188D386587 |
SHA-256: | 5D11937190DC5A9FCE244C786F0CFD35F389FA535DE85CC361B00B89B595DA9B |
SHA-512: | DA794EB00D72722034EEF9BD0EF8D1B8301A75B1A716A2EC3DC464AB5F1759B0A0F9A56FFBF6AB39281A6F41DBF406D26FA03389028A08678FFAD82079842D9C |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.008898238653846898 |
Encrypted: | false |
SSDEEP: | 3:ImtVnM1xVlt/rt/l3Sxdlt4dV1gt/lop:IiV0xlzaxdX4m1lo |
MD5: | 3B8BF2F369CA7ABDF0636EE15DDEF161 |
SHA1: | 4B82D483B79B555C62AA17F31F24F43C38F2C80F |
SHA-256: | 100201408FDCFA835C8699C6C2FCE748C5C3844C386053F9AA7CAD622373BFCA |
SHA-512: | 457D92EA15FA528E7BE3ED8136A267BD08A4D7866FDD7C353CFEB898F896983B40BB48156DC25D5E00EC118C6309337F3A9344226D1635F94D7F4A122D3DD87E |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 61440 |
Entropy (8bit): | 3.5765668006457156 |
Encrypted: | false |
SSDEEP: | 384:neh9dThytELJ8DAcLKuZsLRGlKhsvXh+vSc:nAeZsLQhUSc |
MD5: | 0AA5C4A1554B9EFA75AD1D55EAAFD527 |
SHA1: | 053BFF6B01018BCB12B2767BEB359B8CA464543E |
SHA-256: | 1019F443060DB309C3340346FF7CDBD8A6A33D71E11E92D490CC080A83041CFF |
SHA-512: | 57866163515706E36FEFF43513B7D5F2EF9AAD89CB7EA4F3BBAB94D40051369C8AF2FE0A5ABC9CAB400E05A311735CC1C7FE2F41FC1EA66DA03FDC2E2AE9DDD0 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8720 |
Entropy (8bit): | 3.312898121228136 |
Encrypted: | false |
SSDEEP: | 48:7MDU2iomVmBsmom1CNdiomYiom1Nom1Aiom1RROiom1Com1pom1XSiomVPiomg5Z:7EBCm6rNd9RhLSCPwd49IVXEBodRBk7 |
MD5: | CAC047F57FD00A43A6748658DD2659AD |
SHA1: | E83C13AE333BA25C813CD3989267F9C9A67493BF |
SHA-256: | 0B8337A4791FD9EC447B90BF6972CB2079EC517565F76E2596676F7FCFEA614A |
SHA-512: | F83DF99B84063F7482069DFF9F14B0956C3AB6E91274A98DFBA24D04F2E25F4804D24E2B5FAB105724D84BD10464CE49096272E482981C98EDB0CCC819BD9AAD |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 72643 |
Entropy (8bit): | 5.393779678652009 |
Encrypted: | false |
SSDEEP: | 768:PCbTjMYOpdyVFWqnPvBRSiRkTIVzY3mXqWHDM2Us5HYyu:AlOpdyVFWcPvBBRkTIdY3unjHK |
MD5: | CC471F0BA0AF5790AF5F66770221A6F7 |
SHA1: | DEF0C722BDBBB15CD1DAE9E533B4A3013D471427 |
SHA-256: | EC9BC4B13AE566FC978B86F5D7ACB28A535CC9DB2812A308A79B48374138F1C1 |
SHA-512: | 84BC0EA7756A5505DD23F74861626F0A0CE875B406B8BA83437DA7A7A30926AEA64ED5913AC107A6423B22C70A2BAB37B7B9F02BB76B1137BC8F1735F559EAE6 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD (copy)
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.025641896670120692 |
Encrypted: | false |
SSDEEP: | 6:I3DPc0YhFvxggLR7fWlgt/1u5FRXv//4tfnRujlw//+GtluJ/eRuj:I3DPgX+lg1uvYg3J/ |
MD5: | 680F359FA02E81BA50C3E8448E96910D |
SHA1: | 3ADC8B8D9E8AC216FBD9E9EEB1254DD3CD35EEDF |
SHA-256: | ED49C5509A30F55AB6122B209D618D82A8EB339CB4B70A6D07387B7A428EDAA9 |
SHA-512: | 8D2DA529F879EC8F049F6A928C433A2AD5538101207E1C0F0FBEF0EAF7696E6FEE6A2AB1A810A32F12F27C8F2B17DCCB64F336B6821BC92268145A43079845DD |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\hNZdz[1].htm
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 167 |
Entropy (8bit): | 4.43745738033235 |
Encrypted: | false |
SSDEEP: | 3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLGWbRIwcWWGu:q43tISl6kXiMIWSU6XlI55bRIpfGu |
MD5: | 0104C301C5E02BD6148B8703D19B3A73 |
SHA1: | 7436E0B4B1F8C222C38069890B75FA2BAF9CA620 |
SHA-256: | 446A6087825FA73EADB045E5A2E9E2ADF7DF241B571228187728191D961DDA1F |
SHA-512: | 84427B656A6234A651A6D8285C103645B861A18A6C5AF4ABB5CB4F3BEB5A4F0DF4A74603A0896C7608790FBB886DC40508E92D5709F44DCA05DD46C8316D15BF |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2760287.emf
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1505804 |
Entropy (8bit): | 0.608714479340621 |
Encrypted: | false |
SSDEEP: | 768:QncRpbfoTGRFJxqWKAEXM4espeEnwyFwx+VjJ6bGx4Al7PHj8bKYEqQtVxGW6sQR:fRpbfoaRFTqWKP8w9MXIoZfE3NkEs |
MD5: | 476C7C2F309C957F6428D04E94C4F64A |
SHA1: | F1B0FA252BABFB7002DC87069A436AD71BDA532F |
SHA-256: | C0DA66B866CC999AEE20456C2EEE3EEFC05046B8F5DF3755F95FECB85F9F8BE5 |
SHA-512: | C941FBACC6C98B556EA742538B2F2C61A66BE677AA5F97457DFE07EA9652E17FE545AC05740F8ED20B1449FDCF38E97C49FE73FF8D53220A4E8D3E6E3615854E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\4DCE1C90.emf
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1505804 |
Entropy (8bit): | 0.611760173242012 |
Encrypted: | false |
SSDEEP: | 768:/jKn4RpbfoTGRFm2GWWDEXM4espe2B/nwyFwx+VjRQ9+c4AgD7PHj8bKYEqQtVxY:/jhRpbfoaRFvGWW6/4DADMXIok/2GiEs |
MD5: | D69C22A341E111FEEA69DF6D8C655D60 |
SHA1: | AC862337F2EFA43627508927F5052CE694012206 |
SHA-256: | 05B2053BF1D070D6034B45CD79B54D80DA3C6D88D016671A345E75048B1A68DB |
SHA-512: | D4DB33ED046B3C9BA09C4B3FEAC17B1FE2E75FCE67F4154FD795D504708C295A1E3C8331ED3D6C3EE9950C936C4CC25B5D690558C26F2E1F7771BD5EB275822C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\642EEADC.emf
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1505804 |
Entropy (8bit): | 0.608714479340621 |
Encrypted: | false |
SSDEEP: | 768:QncRpbfoTGRFJxqWKAEXM4espeEnwyFwx+VjJ6bGx4Al7PHj8bKYEqQtVxGW6sQR:fRpbfoaRFTqWKP8w9MXIoZfE3NkEs |
MD5: | 476C7C2F309C957F6428D04E94C4F64A |
SHA1: | F1B0FA252BABFB7002DC87069A436AD71BDA532F |
SHA-256: | C0DA66B866CC999AEE20456C2EEE3EEFC05046B8F5DF3755F95FECB85F9F8BE5 |
SHA-512: | C941FBACC6C98B556EA742538B2F2C61A66BE677AA5F97457DFE07EA9652E17FE545AC05740F8ED20B1449FDCF38E97C49FE73FF8D53220A4E8D3E6E3615854E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\988D220B.emf
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1505804 |
Entropy (8bit): | 0.608714479340621 |
Encrypted: | false |
SSDEEP: | 768:QncRpbfoTGRFJxqWKAEXM4espeEnwyFwx+VjJ6bGx4Al7PHj8bKYEqQtVxGW6sQR:fRpbfoaRFTqWKP8w9MXIoZfE3NkEs |
MD5: | 476C7C2F309C957F6428D04E94C4F64A |
SHA1: | F1B0FA252BABFB7002DC87069A436AD71BDA532F |
SHA-256: | C0DA66B866CC999AEE20456C2EEE3EEFC05046B8F5DF3755F95FECB85F9F8BE5 |
SHA-512: | C941FBACC6C98B556EA742538B2F2C61A66BE677AA5F97457DFE07EA9652E17FE545AC05740F8ED20B1449FDCF38E97C49FE73FF8D53220A4E8D3E6E3615854E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9D0EA1B2.emf
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1505804 |
Entropy (8bit): | 0.608714479340621 |
Encrypted: | false |
SSDEEP: | 768:QncRpbfoTGRFJxqWKAEXM4espeEnwyFwx+VjJ6bGx4Al7PHj8bKYEqQtVxGW6sQR:fRpbfoaRFTqWKP8w9MXIoZfE3NkEs |
MD5: | 476C7C2F309C957F6428D04E94C4F64A |
SHA1: | F1B0FA252BABFB7002DC87069A436AD71BDA532F |
SHA-256: | C0DA66B866CC999AEE20456C2EEE3EEFC05046B8F5DF3755F95FECB85F9F8BE5 |
SHA-512: | C941FBACC6C98B556EA742538B2F2C61A66BE677AA5F97457DFE07EA9652E17FE545AC05740F8ED20B1449FDCF38E97C49FE73FF8D53220A4E8D3E6E3615854E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9E522104.emf
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1505804 |
Entropy (8bit): | 0.608714479340621 |
Encrypted: | false |
SSDEEP: | 768:QncRpbfoTGRFJxqWKAEXM4espeEnwyFwx+VjJ6bGx4Al7PHj8bKYEqQtVxGW6sQR:fRpbfoaRFTqWKP8w9MXIoZfE3NkEs |
MD5: | 476C7C2F309C957F6428D04E94C4F64A |
SHA1: | F1B0FA252BABFB7002DC87069A436AD71BDA532F |
SHA-256: | C0DA66B866CC999AEE20456C2EEE3EEFC05046B8F5DF3755F95FECB85F9F8BE5 |
SHA-512: | C941FBACC6C98B556EA742538B2F2C61A66BE677AA5F97457DFE07EA9652E17FE545AC05740F8ED20B1449FDCF38E97C49FE73FF8D53220A4E8D3E6E3615854E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9EEE011E.emf
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1505804 |
Entropy (8bit): | 0.608714479340621 |
Encrypted: | false |
SSDEEP: | 768:QncRpbfoTGRFJxqWKAEXM4espeEnwyFwx+VjJ6bGx4Al7PHj8bKYEqQtVxGW6sQR:fRpbfoaRFTqWKP8w9MXIoZfE3NkEs |
MD5: | 476C7C2F309C957F6428D04E94C4F64A |
SHA1: | F1B0FA252BABFB7002DC87069A436AD71BDA532F |
SHA-256: | C0DA66B866CC999AEE20456C2EEE3EEFC05046B8F5DF3755F95FECB85F9F8BE5 |
SHA-512: | C941FBACC6C98B556EA742538B2F2C61A66BE677AA5F97457DFE07EA9652E17FE545AC05740F8ED20B1449FDCF38E97C49FE73FF8D53220A4E8D3E6E3615854E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B771952D.emf
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1505804 |
Entropy (8bit): | 0.608714479340621 |
Encrypted: | false |
SSDEEP: | 768:QncRpbfoTGRFJxqWKAEXM4espeEnwyFwx+VjJ6bGx4Al7PHj8bKYEqQtVxGW6sQR:fRpbfoaRFTqWKP8w9MXIoZfE3NkEs |
MD5: | 476C7C2F309C957F6428D04E94C4F64A |
SHA1: | F1B0FA252BABFB7002DC87069A436AD71BDA532F |
SHA-256: | C0DA66B866CC999AEE20456C2EEE3EEFC05046B8F5DF3755F95FECB85F9F8BE5 |
SHA-512: | C941FBACC6C98B556EA742538B2F2C61A66BE677AA5F97457DFE07EA9652E17FE545AC05740F8ED20B1449FDCF38E97C49FE73FF8D53220A4E8D3E6E3615854E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\DCE8D351.emf
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1505804 |
Entropy (8bit): | 0.608714479340621 |
Encrypted: | false |
SSDEEP: | 768:QncRpbfoTGRFJxqWKAEXM4espeEnwyFwx+VjJ6bGx4Al7PHj8bKYEqQtVxGW6sQR:fRpbfoaRFTqWKP8w9MXIoZfE3NkEs |
MD5: | 476C7C2F309C957F6428D04E94C4F64A |
SHA1: | F1B0FA252BABFB7002DC87069A436AD71BDA532F |
SHA-256: | C0DA66B866CC999AEE20456C2EEE3EEFC05046B8F5DF3755F95FECB85F9F8BE5 |
SHA-512: | C941FBACC6C98B556EA742538B2F2C61A66BE677AA5F97457DFE07EA9652E17FE545AC05740F8ED20B1449FDCF38E97C49FE73FF8D53220A4E8D3E6E3615854E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\ED2C6F4F.emf
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1505804 |
Entropy (8bit): | 0.608714479340621 |
Encrypted: | false |
SSDEEP: | 768:QncRpbfoTGRFJxqWKAEXM4espeEnwyFwx+VjJ6bGx4Al7PHj8bKYEqQtVxGW6sQR:fRpbfoaRFTqWKP8w9MXIoZfE3NkEs |
MD5: | 476C7C2F309C957F6428D04E94C4F64A |
SHA1: | F1B0FA252BABFB7002DC87069A436AD71BDA532F |
SHA-256: | C0DA66B866CC999AEE20456C2EEE3EEFC05046B8F5DF3755F95FECB85F9F8BE5 |
SHA-512: | C941FBACC6C98B556EA742538B2F2C61A66BE677AA5F97457DFE07EA9652E17FE545AC05740F8ED20B1449FDCF38E97C49FE73FF8D53220A4E8D3E6E3615854E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\FCB74535.emf
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1505804 |
Entropy (8bit): | 0.608714479340621 |
Encrypted: | false |
SSDEEP: | 768:QncRpbfoTGRFJxqWKAEXM4espeEnwyFwx+VjJ6bGx4Al7PHj8bKYEqQtVxGW6sQR:fRpbfoaRFTqWKP8w9MXIoZfE3NkEs |
MD5: | 476C7C2F309C957F6428D04E94C4F64A |
SHA1: | F1B0FA252BABFB7002DC87069A436AD71BDA532F |
SHA-256: | C0DA66B866CC999AEE20456C2EEE3EEFC05046B8F5DF3755F95FECB85F9F8BE5 |
SHA-512: | C941FBACC6C98B556EA742538B2F2C61A66BE677AA5F97457DFE07EA9652E17FE545AC05740F8ED20B1449FDCF38E97C49FE73FF8D53220A4E8D3E6E3615854E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{05894FFF-9B10-4445-B3AA-6E03C6331A8D}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 12779520 |
Entropy (8bit): | 1.2499265779435718 |
Encrypted: | false |
SSDEEP: | 24576:pznzhzozczFPzfzXzszxzCzIzRz+z9xzPzJzD9O:pDtEA5PL7AtmkFSJxD99 |
MD5: | 4605356C655CA7364D6DD9016DDD5FC3 |
SHA1: | 42B668EDFEC85967742DC5F00A4E38116BA763DE |
SHA-256: | 517CF9F4F50865E40AAD4D5804BF0DF75361F5842875C9B5FDC9A7C75DCC48A8 |
SHA-512: | 2736EF61AD54191D355DBE8EA2E57E3D2BF8B7BBA3F9AB070F3747FB9141A338AF4214A0D268370502C0BDD0AF05303EC97862C40CD4558A4F857641304BCE5B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{25683BA2-9842-415F-8B16-690542B9D4B9}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1738 |
Entropy (8bit): | 2.8231012178638037 |
Encrypted: | false |
SSDEEP: | 24:P3oK3oK3oK3oa3oK3oK3oK3mD7bdN1WfK3oK3oK3Q:+PbdN1C |
MD5: | 69ADAD3B2E8A30194D00F47320939EE3 |
SHA1: | 6CAF57936C807EA0C3A8C1054954EE528B92CEF2 |
SHA-256: | 03A6DC2978AA65FADBCB9026B69C8B4F43749FA2DC719AB4AD7489745BAC8D66 |
SHA-512: | 675902DD643946882E22E6F6D6B07A39177FAA63AA7F4F474B1413DD75B7ECA887B40F1ABDDFE93EFF0F20728AFBAEB1022244E7561FADB44242E994D7073E4F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{E279F50C-91EA-4841-A527-8D9534FAEB24}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1024 |
Entropy (8bit): | 0.05390218305374581 |
Encrypted: | false |
SSDEEP: | 3:ol3lYdn:4Wn |
MD5: | 5D4D94EE7E06BBB0AF9584119797B23A |
SHA1: | DBB111419C704F116EFA8E72471DD83E86E49677 |
SHA-256: | 4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1 |
SHA-512: | 95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.025580739348717164 |
Encrypted: | false |
SSDEEP: | 6:I3DPcd2VvxggLRKmpxIljFRXv//4tfnRujlw//+GtluJ/eRuj:I3DPI2ZfpwbvYg3J/ |
MD5: | B36B61C3586732F8D6A58F047CCD967A |
SHA1: | 8276A7FA286557CF8A031947B0C6B5ECA3E8FCC9 |
SHA-256: | 5FFD4423432F21A01C433B5F5EDA20ED1065F3929CBC69D96815428B5D2650DF |
SHA-512: | A029FF1927170E36F862E5FC27048ECDB138E16080E5E8DD39F168A3F8230C6AC9DC8CF63A6BB4261ABEA2A8A61A31787ED914BC84116E60F5A0F94BC6540984 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 131072 |
Entropy (8bit): | 0.025641896670120692 |
Encrypted: | false |
SSDEEP: | 6:I3DPc0YhFvxggLR7fWlgt/1u5FRXv//4tfnRujlw//+GtluJ/eRuj:I3DPgX+lg1uvYg3J/ |
MD5: | 680F359FA02E81BA50C3E8448E96910D |
SHA1: | 3ADC8B8D9E8AC216FBD9E9EEB1254DD3CD35EEDF |
SHA-256: | ED49C5509A30F55AB6122B209D618D82A8EB339CB4B70A6D07387B7A428EDAA9 |
SHA-512: | 8D2DA529F879EC8F049F6A928C433A2AD5538101207E1C0F0FBEF0EAF7696E6FEE6A2AB1A810A32F12F27C8F2B17DCCB64F336B6821BC92268145A43079845DD |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1104 |
Entropy (8bit): | 4.5347997993411235 |
Encrypted: | false |
SSDEEP: | 24:8W/XTRMfxO4Qi1E3o2eHNE3oPDv3qlk7N:8W/XTI6iW42P4eliN |
MD5: | B666B0094DC8DAA10E3352F462959E1D |
SHA1: | 377B94B69CEDDF6CC0041C6F8C5127D4157FDD3D |
SHA-256: | BC3DC0677B15AC876BFFCB231FD0B8BDF351B1E832FA171838D8806880BF0E72 |
SHA-512: | 69A050ECD605A59B46A8DBEA8BEB9DA41E16CD5A695BA7F8CC0D1F0F5E2D95ADD460C6DFDD9A53869441264DE97EA8419144C8DBBADEF76B00995BDE7F5F03A8 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 90 |
Entropy (8bit): | 4.565363340937963 |
Encrypted: | false |
SSDEEP: | 3:M14DAVJu1LBK6Sm4QcVJu1LBK6Sv:MGDAVt6VcVt6c |
MD5: | 27720B0EBD8D1A7306EA64D22154D48D |
SHA1: | FC9F9D144D8A9F87246C4B20EAB85920FF9D6A23 |
SHA-256: | BF29844CFD0EE81CD982E18219B05C4893A00B3E2223A27DACE34179165C4AE5 |
SHA-512: | 7D376C43886E0A0CAE4805AA17E00777F078A3255480F1854DD063EFDB8274D4813D59D79DA96C030C982CA4DB0438BD397FE4A36B06CA5067406D9D6BB4D0E2 |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.4797606462020307 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyxblgl0nGltlMWtVGXlcNOllln:vdsCkWtMe2G/LkXh/l |
MD5: | 89AFCB26CA4D4A770472A95DF4A52BA8 |
SHA1: | C3B3FEAEF38C3071AC81BC6A32242E6C39BEE9B5 |
SHA-256: | EF0F4A287E5375B5BFFAE39536E50FDAE97CD185C0F7892C7D25BD733E7D2F17 |
SHA-512: | EA44D55E57AEFA8D6F586F144CB982145384F681D0391C5AD8E616A67D77913152DB7B0F927E57CDA3D1ECEC3D343A1D6E060EAFF8E8FEDBE38394DFED8224CC |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.4797606462020307 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyxblgl0nGltlMWtVGXlcNOllln:vdsCkWtMe2G/LkXh/l |
MD5: | 89AFCB26CA4D4A770472A95DF4A52BA8 |
SHA1: | C3B3FEAEF38C3071AC81BC6A32242E6C39BEE9B5 |
SHA-256: | EF0F4A287E5375B5BFFAE39536E50FDAE97CD185C0F7892C7D25BD733E7D2F17 |
SHA-512: | EA44D55E57AEFA8D6F586F144CB982145384F681D0391C5AD8E616A67D77913152DB7B0F927E57CDA3D1ECEC3D343A1D6E060EAFF8E8FEDBE38394DFED8224CC |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.989392785502853 |
TrID: |
|
File name: | Offer 15492024 15602024.docx.doc |
File size: | 419'998 bytes |
MD5: | 0d0f500d82551e733eab0fb1060a49da |
SHA1: | 1e9af5dd484358b007673b0d7f9b85f8ac1a7b6c |
SHA256: | d5e214f3096564dfc3e348b6a3ac6aeefed75d785ac7cfab5d3019f67fdbc9be |
SHA512: | 79a0847d2d3d8399796365bd778785531643506634d64302a075fb5ee5206564a0d7d03b90e38f55c55e441e6bfddcbb1035a452123a8048044588cbfca16f82 |
SSDEEP: | 6144:D/46IX/fLf6fwf2Q5OmfRfufffXFO6S951ndPJHf9frX:DgvfLf6fwfdOmfRfufffX4h1dPRf9fr |
TLSH: | CA9401FF33A0F619DC2F3947C4A64D41D27798851C994D38393EA35B06AB1A5A3708BB |
File Content Preview: | PK.........r.X.4..m...........[Content_Types].xmlUT...rQOfrQOfrQOf.T.n.0..W.?D....CUU..]......{.n..6..wL(.* m.K...[f<q...*[..........p+....m....,Df.S.@I...pp}.......&.d....4..h.... R[.Y.W?....6.z...RnM....4....5...=..s....d.M].*.sNI.".ta....... ,.k..V..z. |
Icon Hash: | 2764a3aaaeb7bdbf |
Document Type: | OpenXML |
Number of OLE Files: | 11 |
Has Summary Info: | |
Application Name: | |
Encrypted Document: | False |
Contains Word Document Stream: | True |
Contains Workbook/Book Stream: | False |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | False |
Flash Objects Count: | 0 |
Contains VBA Macros: | False |
Title: | |
Subject: | |
Author: | 91974 |
Keywords: | |
Template: | |
Last Saved By: | 91974 |
Revision Number: | 23 |
Total Edit Time: | 5 |
Create Time: | 2023-11-10T01:33:00Z |
Last Saved Time: | 2024-05-15T06:47:00Z |
Number of Pages: | 1 |
Number of Words: | 53 |
Number of Characters: | 304 |
Creating Application: | |
Security: | 0 |
Number of Lines: | 2 |
Number of Paragraphs: | 1 |
Thumbnail Scaling Desired: | false |
Company: | |
Contains Dirty Links: | false |
Shared Document: | false |
Changed Hyperlinks: | false |
Application Version: | 12.0000 |
General | |
Stream Path: | \x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 94 |
Entropy: | 4.345966460061678 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . e . . D E S T . . . . . . A c r o b a t D o c u m e n t . . . . . . . . . A c r o E x c h . D o c u m e n t . D C . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 65 ca 01 b8 fc a1 d0 11 85 ad 44 45 53 54 00 00 11 00 00 00 41 63 72 6f 62 61 74 20 44 6f 63 75 6d 65 6e 74 00 00 00 00 00 15 00 00 00 41 63 72 6f 45 78 63 68 2e 44 6f 63 75 6d 65 6e 74 2e 44 43 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | \x1Ole |
CLSID: | |
File Type: | data |
Stream Size: | 20 |
Entropy: | 0.8475846798245739 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 01 00 00 02 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | \x3ObjInfo |
CLSID: | |
File Type: | data |
Stream Size: | 6 |
Entropy: | 1.2516291673878228 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . |
Data Raw: | 00 00 03 00 01 00 |
General | |
Stream Path: | CONTENTS |
CLSID: | |
File Type: | PDF document, version 1.5, 1 pages (zip deflate encoded) |
Stream Size: | 30959 |
Entropy: | 7.915983867366053 |
Base64 Encoded: | True |
Data ASCII: | % P D F - 1 . 5 . % . 3 0 o b j . < < / C o l o r S p a c e / D e v i c e G r a y / S u b t y p e / I m a g e / H e i g h t 7 2 / F i l t e r / F l a t e D e c o d e / T y p e / X O b j e c t / W i d t h 2 5 5 / L e n g t h 2 0 8 1 / B i t s P e r C o m p o n e n t 8 > > s t r e a m . x { P . U . & B & o 1 b F P s . R 2 . . . . * Y 6 3 . . # N L 8 T X R | ( ( " * " < 6 ] . . { n n | . . s ` . . , b . E . . . q . ( ` o ^ E Y . 7 N Y ] . H X ^ 3 n . . " K . . . . . . * o " . E ( > . . . . . . . |
Data Raw: | 25 50 44 46 2d 31 2e 35 0a 25 e2 e3 cf d3 0a 33 20 30 20 6f 62 6a 0a 3c 3c 2f 43 6f 6c 6f 72 53 70 61 63 65 2f 44 65 76 69 63 65 47 72 61 79 2f 53 75 62 74 79 70 65 2f 49 6d 61 67 65 2f 48 65 69 67 68 74 20 37 32 2f 46 69 6c 74 65 72 2f 46 6c 61 74 65 44 65 63 6f 64 65 2f 54 79 70 65 2f 58 4f 62 6a 65 63 74 2f 57 69 64 74 68 20 32 35 35 2f 4c 65 6e 67 74 68 20 32 30 38 31 2f 42 69 |
Has Summary Info: | |
Application Name: | |
Encrypted Document: | False |
Contains Word Document Stream: | True |
Contains Workbook/Book Stream: | False |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | False |
Flash Objects Count: | 0 |
Contains VBA Macros: | False |
Title: | |
Subject: | |
Author: | 91974 |
Keywords: | |
Template: | |
Last Saved By: | 91974 |
Revision Number: | 23 |
Total Edit Time: | 5 |
Create Time: | 2023-11-10T01:33:00Z |
Last Saved Time: | 2024-05-15T06:47:00Z |
Number of Pages: | 1 |
Number of Words: | 53 |
Number of Characters: | 304 |
Creating Application: | |
Security: | 0 |
Number of Lines: | 2 |
Number of Paragraphs: | 1 |
Thumbnail Scaling Desired: | false |
Company: | |
Contains Dirty Links: | false |
Shared Document: | false |
Changed Hyperlinks: | false |
Application Version: | 12.0000 |
General | |
Stream Path: | \x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 94 |
Entropy: | 4.345966460061678 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . e . . D E S T . . . . . . A c r o b a t D o c u m e n t . . . . . . . . . A c r o E x c h . D o c u m e n t . D C . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 65 ca 01 b8 fc a1 d0 11 85 ad 44 45 53 54 00 00 11 00 00 00 41 63 72 6f 62 61 74 20 44 6f 63 75 6d 65 6e 74 00 00 00 00 00 15 00 00 00 41 63 72 6f 45 78 63 68 2e 44 6f 63 75 6d 65 6e 74 2e 44 43 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | \x1Ole |
CLSID: | |
File Type: | data |
Stream Size: | 20 |
Entropy: | 0.8475846798245739 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 01 00 00 02 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | \x3ObjInfo |
CLSID: | |
File Type: | data |
Stream Size: | 6 |
Entropy: | 1.2516291673878228 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . |
Data Raw: | 00 00 03 00 01 00 |
General | |
Stream Path: | CONTENTS |
CLSID: | |
File Type: | PDF document, version 1.5, 1 pages (zip deflate encoded) |
Stream Size: | 31606 |
Entropy: | 7.916695020479147 |
Base64 Encoded: | True |
Data ASCII: | % P D F - 1 . 5 . % . 3 0 o b j . < < / C o l o r S p a c e / D e v i c e G r a y / S u b t y p e / I m a g e / H e i g h t 7 2 / F i l t e r / F l a t e D e c o d e / T y p e / X O b j e c t / W i d t h 2 5 5 / L e n g t h 2 0 8 1 / B i t s P e r C o m p o n e n t 8 > > s t r e a m . x { P . U . & B & o 1 b F P s . R 2 . . . . * Y 6 3 . . # N L 8 T X R | ( ( " * " < 6 ] . . { n n | . . s ` . . , b . E . . . q . ( ` o ^ E Y . 7 N Y ] . H X ^ 3 n . . " K . . . . . . * o " . E ( > . . . . . . . |
Data Raw: | 25 50 44 46 2d 31 2e 35 0a 25 e2 e3 cf d3 0a 33 20 30 20 6f 62 6a 0a 3c 3c 2f 43 6f 6c 6f 72 53 70 61 63 65 2f 44 65 76 69 63 65 47 72 61 79 2f 53 75 62 74 79 70 65 2f 49 6d 61 67 65 2f 48 65 69 67 68 74 20 37 32 2f 46 69 6c 74 65 72 2f 46 6c 61 74 65 44 65 63 6f 64 65 2f 54 79 70 65 2f 58 4f 62 6a 65 63 74 2f 57 69 64 74 68 20 32 35 35 2f 4c 65 6e 67 74 68 20 32 30 38 31 2f 42 69 |
Has Summary Info: | |
Application Name: | |
Encrypted Document: | False |
Contains Word Document Stream: | True |
Contains Workbook/Book Stream: | False |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | False |
Flash Objects Count: | 0 |
Contains VBA Macros: | False |
Title: | |
Subject: | |
Author: | 91974 |
Keywords: | |
Template: | |
Last Saved By: | 91974 |
Revision Number: | 23 |
Total Edit Time: | 5 |
Create Time: | 2023-11-10T01:33:00Z |
Last Saved Time: | 2024-05-15T06:47:00Z |
Number of Pages: | 1 |
Number of Words: | 53 |
Number of Characters: | 304 |
Creating Application: | |
Security: | 0 |
Number of Lines: | 2 |
Number of Paragraphs: | 1 |
Thumbnail Scaling Desired: | false |
Company: | |
Contains Dirty Links: | false |
Shared Document: | false |
Changed Hyperlinks: | false |
Application Version: | 12.0000 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
May 23, 2024 20:41:07.448421001 CEST | 192.168.2.22 | 8.8.8.8 | 0xf500 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
May 23, 2024 20:41:08.786509037 CEST | 192.168.2.22 | 8.8.8.8 | 0x9648 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
May 23, 2024 20:41:08.810504913 CEST | 192.168.2.22 | 8.8.8.8 | 0xa98e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
May 23, 2024 20:41:14.105460882 CEST | 192.168.2.22 | 8.8.8.8 | 0xc083 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
May 23, 2024 20:41:14.119044065 CEST | 192.168.2.22 | 8.8.8.8 | 0x1100 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
May 23, 2024 20:41:07.468180895 CEST | 8.8.8.8 | 192.168.2.22 | 0xf500 | No error (0) | 104.21.47.128 | A (IP address) | IN (0x0001) | false | ||
May 23, 2024 20:41:07.468180895 CEST | 8.8.8.8 | 192.168.2.22 | 0xf500 | No error (0) | 172.67.171.37 | A (IP address) | IN (0x0001) | false | ||
May 23, 2024 20:41:08.806448936 CEST | 8.8.8.8 | 192.168.2.22 | 0x9648 | No error (0) | 172.67.171.37 | A (IP address) | IN (0x0001) | false | ||
May 23, 2024 20:41:08.806448936 CEST | 8.8.8.8 | 192.168.2.22 | 0x9648 | No error (0) | 104.21.47.128 | A (IP address) | IN (0x0001) | false | ||
May 23, 2024 20:41:08.824281931 CEST | 8.8.8.8 | 192.168.2.22 | 0xa98e | No error (0) | 104.21.47.128 | A (IP address) | IN (0x0001) | false | ||
May 23, 2024 20:41:08.824281931 CEST | 8.8.8.8 | 192.168.2.22 | 0xa98e | No error (0) | 172.67.171.37 | A (IP address) | IN (0x0001) | false | ||
May 23, 2024 20:41:14.117763996 CEST | 8.8.8.8 | 192.168.2.22 | 0xc083 | No error (0) | 104.21.47.128 | A (IP address) | IN (0x0001) | false | ||
May 23, 2024 20:41:14.117763996 CEST | 8.8.8.8 | 192.168.2.22 | 0xc083 | No error (0) | 172.67.171.37 | A (IP address) | IN (0x0001) | false | ||
May 23, 2024 20:41:14.126297951 CEST | 8.8.8.8 | 192.168.2.22 | 0x1100 | No error (0) | 172.67.171.37 | A (IP address) | IN (0x0001) | false | ||
May 23, 2024 20:41:14.126297951 CEST | 8.8.8.8 | 192.168.2.22 | 0x1100 | No error (0) | 104.21.47.128 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.22 | 49165 | 104.21.47.128 | 80 | 2088 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
May 23, 2024 20:41:07.477988005 CEST | 128 | OUT | |
May 23, 2024 20:41:07.981889009 CEST | 799 | IN | |
May 23, 2024 20:41:15.588927984 CEST | 342 | OUT | |
May 23, 2024 20:41:15.984719038 CEST | 831 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.22 | 49166 | 172.67.171.37 | 80 | 2088 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
May 23, 2024 20:41:08.836752892 CEST | 112 | OUT | |
May 23, 2024 20:41:09.331096888 CEST | 631 | IN | |
May 23, 2024 20:41:09.543016911 CEST | 631 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
2 | 192.168.2.22 | 49168 | 104.21.47.128 | 80 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
May 23, 2024 20:41:14.131853104 CEST | 123 | OUT | |
May 23, 2024 20:41:14.680459976 CEST | 803 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.22 | 49167 | 172.67.171.37 | 443 | 2088 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-23 18:41:10 UTC | 112 | OUT | |
2024-05-23 18:41:10 UTC | 711 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
1 | 192.168.2.22 | 49169 | 104.21.47.128 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-23 18:41:15 UTC | 123 | OUT | |
2024-05-23 18:41:15 UTC | 767 | IN | |
2024-05-23 18:41:15 UTC | 602 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.22 | 49170 | 104.21.47.128 | 443 | 2088 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-05-23 18:41:16 UTC | 342 | OUT | |
2024-05-23 18:41:17 UTC | 758 | IN | |
2024-05-23 18:41:17 UTC | 611 | IN |
Target ID: | 0 |
Start time: | 14:41:04 |
Start date: | 23/05/2024 |
Path: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13fc20000 |
File size: | 1'423'704 bytes |
MD5 hash: | 9EE74859D22DAE61F1750B3A1BACB6F5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 7 |
Start time: | 14:41:35 |
Start date: | 23/05/2024 |
Path: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe0000 |
File size: | 2'525'680 bytes |
MD5 hash: | 2F8D93826B8CBF9290BC57535C7A6817 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 8 |
Start time: | 14:41:41 |
Start date: | 23/05/2024 |
Path: | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x20000 |
File size: | 9'805'808 bytes |
MD5 hash: | 326A645391A97C760B60C558A35BB068 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |